Panko2e ch03

Chapter 3
Ô Chapter 1 introduced the threat environment

Ô Chapter 2 introduced the plan-protect-respond
cycle and covered the planning phase
Ô Chapters 3 through 8 will cover the protection
phase
Ô Chapters 3 and 4 introduce cryptography, which is
important in itself and which is used in many other
protections
2
Copyright Pearson Prentice-Hall 2010
Ô Cryptography is the use of mathematical
operations to protect messages traveling between
parties or stored on a computer
Ô Confidentiality means that someone intercepting

your communications cannot read them
???

Ô Confidentiality is only one cryptographic protection
Ô Authentication means proving one¶s identity to
another so they can trust you more
Ô Integrity means that the message cannot be
changed or, if it is change, that this change will be
detected
Ô Known as the CIA of cryptography
Ń o, not w w CIA

Ô Encryption for confidentiality needs a cipher
(mathematical method) to encrypt and decrypt
Ń ahe cipher cannot be kept secret
Ô ahe two parties using the cipher also need to

know a secret key or keys
Ń A key is merely a long stream of bits (1s and 0s)
Ń ahe key or keys 2 w be kept secret
Ô Cryptanalysts attempt to crack (find) the key
5
Sy etric
ey
a es ropper
Cannot Rea
Messages in
Plaintext: Cipher & Ciphertext: 11010100 Ciphertext
"Hello" ey
Net or Sa e
Sy etric
ey
Party Cipher & Plaintext:

Ciphertext: 11010100
ey "Hello"
Note:
single ey is se to encrypt an ecrypt
in oth irections
Party B
6
Y

n 4 r
o 8 w
w 15 l
i 1 «
s 23 «
t 1 «
+4 h 3 «
e 9 «
n o p q r t 12 «
i 20 «
m «
ahis is a very weak cipher
e 25 «
eal ciphers use complex math
7
Ô ubstitution Ciphers
Ń ubstitute one letter (or bit) for another in each place
Ń ahe cipher we saw in Figure 3-2 is a substitution cipher
Ô aransposition Ciphers
Ń aransposition ciphers do not change individual letters or
bits, but they change their order
Ô 0ost real ciphers use both substitution and

transposition

Y
Y
n o w
i s t
h e t
Key = 132 231

Ô Ciphers can encrypt any message expressed in
binary (1s and 0s)
Ń ahis flexibility and the speed of computing makes this
ciphers dominant for encryption today
Ô Codes are more specialized

Ń ahey substitute one thing for another
Ń Usually a word for another word or a number for a word
Ń Codes are good for humans and may be included in
messages sent via encipherment

0essage Code
From 1 434
Akagi 3 1
ao 839 1
aruk 11131
a P
EaA 3 4
aransmitted P0 3104
1434 318391« a P
equire 2998
213
4 8
a P
11
Key Length in umber of Possible Keys
its Each extra bit
doubles the number
1 of keys 2
2 4
4 1
8 2
1 ,3
40 1,099,11,2,
2,0,94,03,92,900
112 ,192,29,88,34,830,000,000,000,000,000,000
112 1923E+33
18 haded keys are 34144E+0
2 trong symmetric 1192E+
12 keys (>=100 bits) 13408E+14
12
Ô ote
Ń Public key/private key pairs (discussed later in the
chapter) must be much longer than symmetric keys to be
considered to be strong because of the disastrous
consequences that could occur if a private key is cracked
and because private keys cannot be changed frequently
Public keys and private keys must be at least 12 to
1,024 bits long
1

Key Length 0 bits or 112 or 18 128, 192, or
(bits) more 2
Key trength Very weak at Weak trong trong
0 bits
Processing Low 0oderate High Low
equirements
A0 Low 0oderate 0oderate Low
equirements
emarks Can uses Created in Applies aoday¶s gold
keys of the 190s DE three standard for
variable times with symmetric
length two or three key
different encryption
DE keys
1
- it D y etric ey
5 its re n ant its
- it Plainte t lock
ahe D cipher D ncryption

encrypts essages Process
its at a ti e
ahe D cipher in
co e ook o e nee s
- it Cipherte t lock
two inp ts
15
Ô Cryptographic ystems
Ń Encryption for confidentiality is only one cryptographic
protection
Ń Individual users and corporations cannot be expected to
master these many aspects of cryptography
Ń Consequently, crypto protections are organized into
complete cryptographic systems that provide a broad set
of cryptographic protection
6
Ô Cryptographic ystems
1 awo parties first agree upon a particular cryptographic
system to use
2 Each cryptographic system dialogue begins with three
brief hand-shaking stages
3 ahe two parties then engage in cryptographically
protected communication
½ ahis ongoing communication stage usually constitutes nearly
all of the dialogue
7
Handsha ing tage 1
Initial egotiation of ecurity Para eters
Handsha ing tage 2

Client PC Initial uthentication
Usually utual er er
Handsha ing tage 3

eying
ecure e change of eys and other secrets
ai e
ngoing Co unication tage
ai e with essage-by- essage
Confidentiality, uthentication,
and essage Integrity
lectronic ignature Plainte t

uthentication, Integrity
1 ncrypted for Confidentiality

nitial thentication
s ally m t al erver
Han shaking tage

eying
ec re e change o keys an other secrets
Ongoing Comm nication tage

e ith 0essage- y-0essage
Con i entiality thentication
an 0essage ntegrity
lectronic ignat re Plainte t

thentication ntegrity
ncrypte or Con i entiality
1
electing methods and
parameters
Authentication
Keying (the secure exchange of
secrets)
ngoing communication
20 Copyright Pearson Prentice-Hall 2010

Cipher uite Key Digital ymmetric Hashing trength
egotiation ignature Key 0ethod
0ethod Encryption for
0ethod H0AC
ULL_WIaH_ULL_ULL one one one one one
A_EXP a_WIaH_ A A C4 (40-bit 0D Weak
C4_40_0D export export key)
strength (40 strength
bits) (40 bits)
A_WIaH_DE_C C_ A A DE_C C HA-1 tronger
HA but not
very
strong
DH_D_WIaH_3DE_ Diffie- Digital 3DE_ HA-1 trong
EDE_C C_HA Hellman ignature EDE_C C
tandard
A_WIaH_AE_2_C A A AE HA-2 Very
C_HA2 2 bits strong
21
parameters
Authentication
secrets)

upplicant Credentials Verifier
Wishes to prove its Proofs of identity aests the
identity (password, etc) credentials, accepts
or rejects the
supplicant
2
Ô
Ń A hashing algorithm is applied to a bit string of any length
Ń ahe result of the calculation is called the hash
Ń For a given hashing algorithm, all hashes are the same
short length
Hashing Hash bit string of

it string of any length Algorithm small fixed length

Ô !
"
!! !
"
esult length About the same hort fixed length

length as the regardless of
plaintext message length
eversible? Yes Decryption o ahere is no way

to get from the short
hash back to the long
original message
à5
Ô "#
Ń 0D (128-bit hashes)
Ń HA-1 (10-bit hashes)
Ń HA-224, HA-2, HA-384, and HA-12 (name
gives hash length in bits)
Ń ote 0D and HA-1 should not be used because have
been shown to be unsecure
2
27
2010
upplicant sends esponse 0essage in the clear
(without encryption)
aransmitted esponse 0essage
2
2
parameters
Authentication
secrets)

Ô ahere are two types of ciphers used for
confidentiality
Ń In symmetric key encryption for confidentiality, the two
sides use the same key
½ For each dialogue (session), a new symmetric key is
generated the symmetric session key
Ń In public key encryption, each party has a public key and
a private key that are never changed
½ A person¶s public key is available to anyone
½ A person keeps his or her private key secret

2
1.
Creates
Sy etric
Session ey
Party
Party B
2. ncrypts
Session ey ith . Sen s the Sy etric . ecrypts
Party B's P lic ey Session ey ncrypte Session ey ith
or Con i entiality Party B's Pri ate ey
. S se ent ncryption ith

Sy etric Session ey
Ô ahe two parties exchange parameters p and g
Ô Each uses a number that is never shared explicitly
to compute a second number
Ń Each sends the other their second number
Ô Each does another computation on the second

computed number
Ô oth get the third number, which is the key
Ô All of this communication is sent in the clear

1
E change Keying Infor ation
Party X Agree on Diffie-Hell an Group
ahe gory p (pri e) and g (generator) Party
details E change is in the clear
2 2
Party X Party
Generates ando Generates ando
u ber u ber y
Party X 4 Party
Co putes E change Keying Infor ation Co putes
=g^ od p E change and y y =g^y od p
E change is in the clear
5 5
Party X Party
Co putes Key Co putes Key
=y ^ od p = ^y od p
=g^( y) od p =g^( y) od p
ubsequent Encryption ith
y etric ession Key g^( y) od p
ote An ea esdropper intercepting the eying infor ation

ill still not no or y and so ill not be able to
5 co pute the sy etric session ey g^ y 0od P
parameters
Authentication
secrets)

Ô Consumes nearly all of the dialogues
Ô 0essage-by-0essage Encryption
Ń early always uses symmetric key encryption
Ń Already covered
Ń Public key encryption is too inefficient
Ô 0essage-by-0essage Authentication
Ń Digital signatures
Ń 0essage authentication codes (0ACs)
Ń Also provide message-by-message integrity
7
o Create the Digital ignat re Plainte t
1 Hash the plainte t to create a Hash

rief essage igest; this is
the Digital ignat re D
ign ncrypt ith
2 ign encrypt the essage en er s Pri ate ey
igest ith the sen er s pri ate D
key to create the igital signat re
Goal to sho that the s pplicant

kno s the r e Party s D Plainte t
pri ate key
D Plainte t Copyright Pearson Prentice-Hall 2010

ey to create the igital signat re
Goal to sho that the s pplicant

no s the Tr e Party s S Plainte t
pri ate ey
S Plainte t
Trans it the plainte t + igital

Sen er signat re, encrypte ith ecei er
sy etric ey encryption
To Test the igital Signat

ncryption is one to protect the plainte t
5 Hash the recei e plain
It is not nee e for essage- y- essage a thentication
ith the sa e hashing algo
ecei e Plainte t S the sen er se This gi es
essage igest
ecrypt ith Copyright Pearson Prentice-Hall 2010
Hash Tr e Party s 5 ecrypt the igital signa
ith the Tr e Party s p lic
D Plainte t
3. arans it the plainte t + digital

ender signature encrypted ith ecei er
sy etric key encryption.
ao aest the Digital ignature

. . . Hash the recei ed plainte t
ith the sa e hashing algorith
ecei ed Plainte t D the sender used. ahis gi es the
essage digest.
Decrypt ith
Hash arue Party s . Decrypt the digital signature
Public Key ith the arue Party s public key.
ahis also ill gi e the
essage digest i the sender
has the arue Party s pri ate key.
0D 0D
. . the t o atch the essage
Are ahey Equal? is authenticated.
0
Encryption Goal ender Encrypts eceiver
with Decrypts with
Public Key ahe receiver¶s ahe receiver¶s
Encryption for public key private key
Confidentiality
Public Key ahe sender¶s ahe arue Party¶s
Encryption for private key public key
Authentication (not the sender¶s
public key)
Point of frequent
confusion
1
Ô Cannot use the sender¶s public key
Ń It would Ëvalidate´ the sender¶s digital signature
Ô ormally requires a digital certificate

Ń File provided by a certificate authority (CA)
½ ahe certificate authority must be trustworthy
Ń Digital certificate provides the subject¶s (arue Party¶s)
name and public key
Ń Don¶t confuse digital signatures and the digital certificates
used to test digital signatures!
à
Field Description
Version Version number of theerial number
X09 allows the
standard receiver
0ost to
certificates
umber check if the
follow Version
Different digital certificate
versions has been
have different fields
revoked
ahis figure reflects the Version by the CA

standard
Issuer ame of the Certificate Authority (CA)

erial Unique serial number for the certificate, set by the CA
umber
ubject ahe name of the person, organization, computer, or
(arue Party) program to which the certificate has been issued ahis
is the true party
Public Key ahe public key of the subject (the true party)
Public Key ahe algorithm the subject uses to sign messages with
Algorithm digital signatures
Certificate provides the arue

Party¶s public key
Field Description
Digital ahe digital signature of the certificate, signed by the CA
ignature with the CA¶s own private key
For testing certificate authentication and integrity
User must know the CA¶s public key independently
ignature ahe digital signature algorithm the CA uses to sign its

Algorithm certificates
Identifier
ahe CA signs the cert with its own

ther Fields «
private key so that the cert¶s validity can
be checked for alterations

Ô a
Ń ahe digital certificate has a digital signature of its own
Ń igned with the Certificate Authority¶s (CA¶s) private key
Ń 0ust be tested with the CA¶s well-known public key
Ń If the test works, the certificate is authentic and
unmodified
5
Ô !$ % & Y"&
Ń Certificate is valid only during the valid period in the
digital certificate (not shown in the figure)
Ń If the current time is not within the valid period, reject the
digital certificate
6
Ô !$ '" "!"
Ń Certificates may be revoked for improper behavior or
other reasons
Ń evocation must be tested
Ń Cannot be done by looking at fields within the certificate
Ń eceiver must check with the CA
7
Ô !$ '" "!"
Ń Verifier may download the entire certificate revocation list
from the CA
½ ee if the serial number is on the certificate
revocation list
½ If so, do not accept the certificate
Ń r, the verifier may send a query to the CA
½ equires the CA to support the nline Certificate
tatus Protocol

Certi icate thority
eri ier st no C p lic ey to test

hether the igital certi icate has een altere
e ocation in or ation
igital ignat re igital Certi icate
igital ignat re P lic ey o

to e teste ith r e Party
the p lic ey o
the r e Party
thentication
the p lic ey o the r e Party

eri ies the igital signat re
accept the s pplicant

Ô Also rings 0essage Integrity
Ń If the message has been altered, the authentication method
will fail automatically
Ô Digital ignature Authentication

Ń Uses public key encryption for authentication
Ń Very strong but expensive
Ô Key-Hashed 0essage Authentication Codes

Ń An alternate authentication method using hashing
Ń 0uch less expensive than digital signature authentication
Ń 0uch more widely used
5
51
As in the case of digital signatures, confidentiality is
done to protect the plaintext
It is not needed for authentication and has nothing to
do with authentication
52
5

Ô onrepudiation means that the sender cannot
deny that he or she sent a message
Ô With digital signatures, the sender must use his or
her private key
Ń It is difficult to repudiate that you sent something if you
use your private key
Ô With H0ACs, both parties know the key used to

create the H0AC
Ń ahe sender can repudiate the message, claiming that the
receiver created it
5
Ô However, packet-level nonrepudiation is
unimportant in most cases
Ô ahe application message²an e-mail message, a
contract, etc, is the important thing
Ô If the application layer message has its own digital
signature, you have nonrepudiation for the
application message, even if you use H0ACs at
the internet layer for packet authentication
55
Ô
!$
Ń Capture and then retransmit an encrypted message later
Ń 0ay have a desired effect
Ń Even if the attacker cannot read the message
56
Ô a(
!$
Ń aime stamps to ensure freshness of each message
Ń equence numbers so that repeated messages can be
detected
Ń onces
½ Unique randomly generated number placed in each
request message
½ eflected in the response message
½ If a request arrives with a previously used nonce, it is
rejected
57
Ô # )!!
Ń Describes the behavior of fundamental particles
Ń Complex and even weird results
5
Ô # * "
Ń aransmits a very long key²as long as the message
Ń ahis is a one-time key that will not be used again
Ń A one-time key as long as a message cannot be cracked
by cryptanalysis
Ń If an interceptor reads part of the key in transit, this will
be immediately apparent to the sender and receiver
5
Ô # !$
Ń aests many keys simultaneously
Ń If quantum key cracking becomes capable of working
on long keys, today¶s strong key lengths will offer no
protection
6
"'& !"
##! Applicable ender ot applicable
!
" encrypts with key
shared with the
receiver
Y * ! Applicable ender Applicable ender (supplicant)

!
" encrypts with encrypts with own private key
receiver¶s public key eceiver (verifier) decrypts with
eceiver decrypts the public key of the true party,
with the receiver¶s usually obtained from the true
own private key party¶s digital certificate
ot applicable Applicable Used in 0-CHAP

for initial authentication and in
H0ACs for message-by-
message authentication
61
2010
2
All rights reserved o part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording, or otherwise, without the prior written
permission of the publisher Printed in the United tates of America

Panko2e ch03

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Panko2e ch03

Hochgeladen von

Copyright:

Verfügbare Formate

Chapter 3

Ô Chapter 1 introduced the threat environment

Ô Confidentiality means that someone intercepting

Copyright Pearson Prentice-Hall 2010

Copyright Pearson Prentice-Hall 2010

Ô ahe two parties using the cipher also need to

Ô Cryptanalysts attempt to crack (find) the key

Party Cipher & Plaintext:

Ô 0ost real ciphers use both substitution and

Copyright Pearson Prentice-Hall 2010

Copyright Pearson Prentice-Hall 2010

Ô Codes are more specialized

Copyright Pearson Prentice-Hall 2010

ahe D cipher D ncryption

Handsha ing tage 2

Handsha ing tage 3

lectronic ignature Plainte t

1 ncrypted for Confidentiality

Han shaking tage

Ongoing Comm nication tage

lectronic ignat re Plainte t

ncrypte or Con i entiality

20 Copyright Pearson Prentice-Hall 2010

22 Copyright Pearson Prentice-Hall 2010

Hashing Hash bit string of

Copyright Pearson Prentice-Hall 2010

esult length About the same hort fixed length

eversible? Yes Decryption o ahere is no way

aransmitted esponse 0essage

30 Copyright Pearson Prentice-Hall 2010

Copyright Pearson Prentice-Hall 2010

. S se ent ncryption ith

Ô Each does another computation on the second

Copyright Pearson Prentice-Hall 2010

ote An ea esdropper intercepting the eying infor ation

3 Copyright Pearson Prentice-Hall 2010

1 Hash the plainte t to create a Hash

Goal to sho that the s pplicant

D Plainte t Copyright Pearson Prentice-Hall 2010

Goal to sho that the s pplicant

Trans it the plainte t + igital

To Test the igital Signat

3. arans it the plainte t + digital

ao aest the Digital ignature

Ô ormally requires a digital certificate

Issuer ame of the Certificate Authority (CA)

ignature ahe digital signature algorithm the CA uses to sign its

ahe CA signs the cert with its own

eri ier st no C p lic ey to test

igital ignat re igital Certi icate

igital ignat re P lic ey o

the p lic ey o the r e Party

Ô Digital ignature Authentication

Ô Key-Hashed 0essage Authentication Codes

Copyright Pearson Prentice-Hall 2010

Ô With H0ACs, both parties know the key used to

Y * !  Applicable ender Applicable ender (supplicant)

  ot applicable Applicable Used in 0-CHAP

Das könnte Ihnen auch gefallen

esult length About the same hort fixed length

eversible? Yes Decryption o ahere is no way

aransmitted esponse 0essage

ote An ea esdropper intercepting the eying infor ation

ao aest the Digital ignature

Ô ormally requires a digital certificate

Issuer ame of the Certificate Authority (CA)

ignature ahe digital signature algorithm the CA uses to sign its

Ô Digital ignature Authentication

Y * ! Applicable ender Applicable ender (supplicant)

ot applicable Applicable Used in 0-CHAP